Could this sub be doing it? (I notice the "remove any spaces" comments.)
############################# Subroutines ###########################
### PARSE SUBROUTINE
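sub parse_formx {
    # Parse the CGI request into the package-global %FORM and return it.
    #
    # GET requests are read from $ENV{QUERY_STRING}; POST requests are read
    # from STDIN using $ENV{CONTENT_LENGTH}. Any other method calls error()
    # and exits. Fields whose name contains "submit" (any case, anywhere in
    # the name) are skipped. A repeated field name keeps only its last value.
    #
    # NOTE(review): the filtering below is a character denylist applied on
    # input. It changes the data the user sent but is not a substitute for
    # escaping at the point of use (HTML-encoding on output, list-form
    # system/exec, SQL placeholders). Field names receive only the "~!" and
    # comment filters, so they need the same care if they are ever echoed.
    my ($name, $value, $buffer, @pairs);

    my $method = defined $ENV{'REQUEST_METHOD'} ? $ENV{'REQUEST_METHOD'} : '';

    if ($method eq 'GET') {
        # Split the name-value pairs
        my $query = defined $ENV{'QUERY_STRING'} ? $ENV{'QUERY_STRING'} : '';
        @pairs = split(/&/, $query);
    }
    elsif ($method eq 'POST') {
        # CONTENT_LENGTH is supplied by the client; accept only a plain
        # non-negative integer so read() never sees a negative or junk length.
        # NOTE(review): there is no upper bound on the body size here; add a
        # cap suited to the form before this runs on a public server.
        my $length = $ENV{'CONTENT_LENGTH'};
        $length = 0 unless defined $length && $length =~ /\A\d+\z/;

        $buffer = "";
        read(STDIN, $buffer, $length);
        # Split the name-value pairs
        @pairs = split(/&/, $buffer);
    }
    else {
        error("Bad request method, Use POST or GET");
        exit;
    }

    # Determine name and value for each pair
    foreach my $pair (@pairs) {
        # Split on the FIRST "=" only, so a literal "=" inside the value is
        # kept instead of silently truncating the value.
        ($name, $value) = split(/=/, $pair, 2);

        # An empty pair ("a=1&&b=2") yields no name at all; skip it.
        next unless defined $name;

        # Ignore the submit button (tested before URL-decoding).
        next if $name =~ /submit/i;

        # URL-decode the name: "+" is a space, %XX is a byte.
        $name =~ tr/+/ /;
        $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        # Original author's filter for "system shell commands or SSIs":
        # pad "~!" with a space and drop HTML/SSI comments. The match is
        # greedy, so everything from the first "<!--" to the last "-->" goes.
        $name =~ s/~!/ ~!/g;
        $name =~ s/<!--.*-->//gs;

        # A pair without "=" leaves the value undefined; store it as is.
        if (defined $value) {
            $value =~ tr/+/ /;
            $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

            $value =~ s/~!/ ~!/g;
            $value =~ s/<!--.*-->//gs;

            $value =~ s/^\s+//gms;      # remove leading whitespace
            $value =~ s/\s+$//gms;      # remove trailing whitespace
            $value =~ s/\s{2,}/ /gms;   # collapse runs of whitespace to one space

            # Drop pipe, tilde, backtick, double quote, semicolon and
            # angle brackets wherever they appear.
            $value =~ tr/|~`";<>//d;

            # This removes ALL whitespace, including single spaces between
            # words ("John Smith" becomes "JohnSmith"). It makes the trim and
            # collapse steps above redundant; delete this line if values are
            # meant to keep their internal spaces.
            $value =~ s/\s+//g;
        }

        $FORM{$name} = $value;
    }

    return %FORM;
} # end of sub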